Lithium Cookies Datasheet

Lithium Cookies Datasheet

Cookies are small data files stored in web browsers to track usage and enable useful services and features on Lithium Communities. This document provides information on the standard cookies set by Lithium Communities and how to reject or delete those cookies should users choose to do so. Understand that restricting cookies can have an adverse impact on the functionality and the online user experience on the Community.

We classify the cookies typically found on Lithium communities into the four broad categories described below.

Type

Classification

Description

Example

1

Strictly necessary

These cookies are necessary for the proper functioning of the community, such as tracking a user session, or accessing secure areas.

Session cookie used to pin a logged-in session to a browser

2

Performance

The information these cookies collect is anonymous and is used to collect aggregate data including information about the pages users visit.

Cookies delivered by Omniture WebAnalytics and Google Analytics for purposes of aggregate reporting

3

Functional

These cookies allow websites to remember preferences and settings, such as your username, language, region, font size, and so on.

Cookie used to hold a user’s username as part of a “remember me” feature

4

Tracking, targeting and sharing

These cookies remember that you've visited a website, a particular web page, and/or track your activities on the site. This information is sometimes shared with third party advertisers for serving targeted online advertising or other personalized content.

Cookies used to track visitor activity on an individual basis can be used by Lithium or its third party business partners to serve personalized content, and/or later aggregated and used to analyze website traffic and trends.

How to control cookies

Some cookies are necessary for the proper operation of the Community and disabling or removing them may have an adverse impact on the proper functioning and user experience. However, users may choose to view, block, or remove cookies set by Lithium Community through their web browser settings (or any website cookies for that matter). Consult the help feature for your specific browser to find how. Here are some useful links for your convenience.

Also, you may choose to consult an external and independent third party website such as AboutCookies.org or www.youronlinechoices.eu/ if you are in the European Union which provides comprehensive information on a variety of browsers and how to control or change their respective privacy settings.

Cookies used by Lithium

Disabling or removing these cookies may have an adverse impact on the proper functioning and user experience on the Community.

Community cookies

Cookie Name

Type

Description and Purpose

Expiration Time/Type

If removed, disabled, or not accepted

_ga

2

Distinguishes users using a unique ID. It is used by Google Analytics to calculate visitor, session, and campaign data. By default, the configuration setting that sets this cookie is disabled.

2 years (persistent)

Visitor and session data will not be tracked and will not be available to Google Analytics

!lithiumSSO:{client_id}

1

Used for passing authentication information to Lithium

session

SSO will not be functional for the user

LiSESSIONID

1

Session management

session

User cannot log in, and is treated as an anonymous user

­­lia.anon.{setting or config name}

3

Stores community-wide configurations and settings for anonymous users

1 year (persistent)

Community behavior will follow defaults and any UI convenience changes made by the user will be ignored.

liSdkOptions:{communityId}

3

Dropped when a Studio user navigates to Studio > Advanced > SDK and clicks Submit after checking the View as anonymous checkbox.

The cookie allows developers to sign out of the community but still have it find the URL to use for rendering a skin that is hosted via the Community Plugin SDK.

This cookie is used only on stage sites.

1 month or when the View as anonymous checkbox is unselected

The community will serve the URL for the skin set on the stage site instead of the URL to the locally hosted skin (so local SASS development will not work when the user is signed out)

lithium.anonymous.usersetting.{setting name}

3

Remembers user preferences

1 year (persistent)

The community will not remember the user’s setting preferences

lithium.anonymous.usersetting.profile.language

3

Remembers language preferences

1 year (persistent)

The community will not remember the user’s language preferences. The language will default to the native language defined for the community.

lithiumLogin:{community id}

3

Keeps users logged in when they make a request after their session has expired. It is triggered when a user checks Save login name and password. The cookie is encrypted and includes a unique user secure ID in the database.

30 days (persistent)

The "auto login" and "remember me" features will not work

LithiumNotifications

3

Temporarily stores Realtime Notification messages (Toast messages)

session

Realtime notification toasts may not appear (pop-up) after a page transition.

LithiumUserInfo

1

Session management

session

The user will not be able to view secure pages and will be redirected to the login page

LithiumUserSecure

1

Secure Session management

session

The user will not be able to view secure pages and will be redirected to the login page.

LithiumVisitor

4

Replaces VISITOR_BEACON. Lithium currently uses both for backward compatibility. This cookie computes billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores when it was first issued, when it was last seen by Lithium, an unique visitor ID (which is unique per visitor’s browser).

Configurable (Default = 10 years)

Note: To change the default value, contact Lithium Support.

Visits and unique visitors metrics will not be accurate. There will be a new billable visit on each new request. Customers on billing visits model will be affected.

P{poll_id}U{user_id}R{reset_count}

3

Tracks when a user has voted in a poll and tracks the answer value. The cookie is used to prevent a user from voting multiple times in a single poll. The cookie is only placed if Use cookies to prevent multiple votes is enabled in Community Admin.

1,000000+ days

(persistent)

If the user is an anonymous user, the user will be able to vote multiple times when the cookie is cleared. If the user is logged in, votes, and then clears the cookie, they are not allowed to revote.

PushyAuthToken

1

Authenticates the user for a session with Realtime Notifications service (Pushy)

Manually cleared when the user logs out or when their session expires due to inactivity

WebSocket connections to the Realtime Notification service will fail with a 403 Forbidden error and the user will not see realtime notifications.

VISITOR_BEACON

4

Computes billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores, when it was first issued, when it was last seen by Lithium, the user ID, and its own unique ID.

Configurable (Default = 10 years)

Note: To change the

default value, contact Lithium Support.

Visits and unique visitors metrics will not be accurate. There will be a new billable visit on each new request. Customers on billing visits model will be affected.

VISITORID

1

Distinguishes between human and bot traffic

3 years (session)

Defeats the bot detection mechanism. (May see increased spam on the community.)

ValueSurveyParticipation

3

Stores a timestamp storing the creation time of this cookie, which is used in value survey trigger logic.

Default is 90 days. Configurable in Community Admin

The user will get multiple prompts to take a survey

ValueSurveyVisitorCount

3

Stores the survey visit count of the user, which is used in logic that determines when a survey is triggered. This cookie is used in conjunction with the ValueSurveyParticipation cookie. When the ValueSurveyParticiation is set, the count for ValueSurveyVisitorCount cookie is reset to 0.

Expires when the ValueSurveyParticipation cookie is either set or expires

The user will not be prompted to take a survey until the count defined in the Delay before prompting user with survey field in Community Admin > Features > Value Surveys > Settings is met.

Social Media Management cookies

Social Media Management Cookies

Cookie Name

Type

Description and Purpose

Expiration Time/Type

If removed, disabled, or not accepted

X-TOKEN-ID

1

Protects against cross-site scripting

Session

This is a security token. It is critical for the application to run

PLAY_SESSION

1

This is the main session cookie

Session

This is the main session cookie. It is critical for the application to run

__sdx_page

3

Stores the user’s current application tab

14 days

When a user reloads the page, the user is redirected to the default tab instead of to the last tab used in the application

PLAY_LANG

3

Retrieves the user’s language

14 days

This is used only when LSW cannot detect the browser language and a user has no language set

Social Media Management Analytics Cookies

Cookie Name

Type

Description and Purpose

Expiration Time/Type

If removed, disabled, or not accepted

XSessionID

1

This is the main session cookie

24 hours

This is the main session cookie. It is critical for the application to run

JSESSIONID

3

This is an auto-generated JSP cookie

Session

The application does not rely on this cookie but uses the cookie occasionally to auto-generate UUIDs

LSW Publisher Cookies

Cookie Name

Type

Description and Purpose

Expiration Time/Type

If removed, disabled, or not accepted

TOCOMA-CID

1

The user’s main session cookie

Expires when the browser session ends

The application will not run

LSI cookies

Cookie Name

Type

Description and Purpose

Expiration Time/Type

If removed, disabled, or not accepted

SIP|ws

3

Tracks the workspace to redirect to after a session timeout

1 day

All Lithium Community cookies also apply to LSI

Customer and third-party cookies on Lithium communities

Lithium customers may set additional cookies on Lithium Community in addition to the standard cookies disclosed above. These cookies are set and controlled by Lithium customers and their affiliates for various purposes such as website usage tracking (very common practice) and targeting for surveys or advertising in some cases. Lithium does not control the dissemination of such cookies. If you need more information on which additional cookies are set on the Community you are visiting, visit the community’s privacy section. You may also wish to review the How to control cookies section to view, remove, or block certain cookies. Note that disabling or removing cookies may have an adverse impact on the proper functioning of the community, and certain features may become disabled or unavailable.

Cookies set by third-party and external sites

Communities may contain embedded images, videos, and links to external and third-party websites. Lithium customers may also include syndicated content on their communities such as banner ads and similar embedded objects from their affiliates and partners. As a result, when you click on such an object you may be presented with cookies from the owner of that respective website where the content is hosted. Lithium does not control the dissemination of such cookies. Contact the relevant third party website for their privacy policy and cookie information. Note that disabling or removing cookies may have an adverse impact on the proper functioning of the community, and certain features may become disabled or unavailable.

Cookies used on Lithium JX communities

Lithium recently acquired the Jive-x community business and rebranded those communities as Lithium JX. Lithium JX communities use the following cookies:

Cookie Name

Description and Purpose

Possible Values

Type

Expiration Time/Type

anonymous

Used only by the Gamification module. Tracks if the user is authenticated or not.

true or false

3

one year

BIGipServer

Cookies prefixed with BIGipServer help to efficiently route internal traffic, and contain encoded addresses of internal Jive servers. These addresses are strictly internal, and cannot be used to connect to internal servers from the Internet. Altering the values of the cookie will not have any effect. For more information about these cookies, see the article Overview of BIG-IP persistence cookie encoding on the F5 Support site.

2

clickedFolder

This cookie is used in the Admin Console to persist the open/closed status of the current folder as used in various tree-view portions of the Admin Console.

string, true, or false.

1

at session end

containerSecurityToken

Used for

RPC and Proxy Calls (Shindig Token) in loading app data in iFrames

String, alphanumeric

1

configurable, defaults to 1 hour

highlightedTreeviewLink

This cookie is used in the Admin Console to persist the current folder as used in various tree-view portions of the Admin Console.

integer, the DOM ID of the clicked folder.

1

at session end

jive-cookie

This cookie is used in the Admin Console to temporarily persist an encrypted username/password when creating a bridge between two sites. The information in the cookie is first encrypted with AES/256 encryption and then Base64 encoded.

string, Base64 encoded, encrypted username/password of remote site.

1

at session end

jive_default_editor_mode

This cookie is used on the front-end for guest/anonymous users who choose to use an editor mode other than the default editor mode.

string, advanced

3

30 days

jiveLocale

This cookie is used on the front-end for guest/anonymous users who choose a locale setting.

string, locale code

3

30 days

jive.login.ts

Stores the time stamp of the user's last login.

epoch time in ms

1

at session end

jive.login.type

Stores the type of login that was performed, either true native Lithium-JX login or via SSO

String, either "form" or "saml"

1

30 days

jive.mobile.redirect

This cookie retains the user's selection for opening content in the Jive Mobile Web app or the Jive Native App when using a mobile device. Currently supported for iOS devices only.

WEB, NATIVE

3

one month

jiveRegularLoginUserCookie

This cookie is used to auto-redirect the login screen to the built-in authentication page (if the value exists and is set).

true

1

one month

jive.saml.passive.tried

This cookie is used to mark when SAML passive authentication has already been attempted.

This cookie is used to temporarily store the tile configuration information when a user is configuring a tile that integrates with a third-party system, such as Salesforce. After the user clicks Save in the place template editing interface, the cookie is destroyed.

string, encoded representation of the place type and place id

1

after place template changes are saved

skin.palette.preview

This cookie is used to preview the site with an unpublished template.

ID (long value) of the template

1

long lived. 30 days

SPRING_SECURITY_REMEMBER_ME_COOKIE

This cookie is used on the front-end as part of the security authentication process to denote whether or not the user wants to have their credentials persist across sessions. It is part of the Spring Security specification; details are available here.

string, the Base64 encoded username and expiration time combined with an MD5 hex hash of the username, password, expiration time, and private key.

1

defaults to 14 days

X-JCAPI-TOKEN

Legacy csrf token, only in use in the mobile apps, set only to provide backwards compatibility

cookie is still used by the current version of Lithium or if all the setting cookies for anonymous users were moved/migrated to

lia.anon.<setting.name>

cookies?

If both variations are still in use, could you elaborate on the difference and how/when/where they would be created (e.g. what action of an anonymous user would trigger cookie creation)?

It furthermore seems, that certain URL parameters seem to trigger some action that will then create cookie(s), but not always, for example:

https://<community>.tld?profile.language=fr

will create a cookie

lia.anon.profile.language (with value "fr")

if the value in the URL param is changed, the value will change in the cookie as well, BUT ONLY when not logged in / anonymous. We discovered this, because we had very strange behaviour in a multi language community. When users log out (which is when that cookie kicks in) and they have been in another language part of the community before they logged in, they will stay in the section of the community the logged out from, but their UI will change to the language of the community section they have visited before logging in, resulting in a mix of languages.

The question is: Is it a general "feature" that global settings for anonymous users can be set via URL parameters (that will then be saved into cookie values) or is this a bug or some other sort of functionality I'm not aware of?

Also, when does the cookie writing happen, the code handling it seems to run AFTER the page init script and therefore overrides any language specific logic that is performed there.

Third, is there a possibility (probably trough support) to enable/disable that cookie setting logic for certain settings?